1. Field of the Invention
Embodiments of the present invention generally relate to a computer security system and, more particularly, to a method and apparatus for performing a reputation based analysis on a malicious infection to secure a computer.
2. Description of the Related Art
Widespread Internet usage by small to large organizations results in an increase in computer-related attacks. Various malicious software programs (e.g., viruses, Trojan horses, worms and/or the like) cause many of these related computer attacks. These malicious software programs may be transmitted (i.e. downloaded) to a vulnerable computer without user consent and/or knowledge as executable programs, email attachments, multimedia files (e.g., video files, audio files and/or the like), malicious HTML code on web pages and/or the like.
The malicious software programs may exert control over an operating system and modify various files (e.g., system registry entries) and/or settings (e.g., background color, screen saver and/or the like) in order to disrupt normal operation. The malicious software programs may also exploit the user computer for illegitimate purposes. For example, a certain malicious software program may misappropriate sensitive data, such as intellectual property, customer data, medical histories, financial records, purchase orders, legal documents, privileged and/or confidential information, social security numbers, addresses, pictures, documents, contacts and/or the like.
Occasionally, a user may be enticed and/or redirected to a website that hosts such malicious software programs. The user may be enticed by various techniques including an email or a posting on social networking websites (e.g., Orkut, Facebook, MySpace and/or the like) that includes a link to the malicious website. The user may also be enticed through a browser window that misrepresents legitimate computer operations, such as anti-virus security scans or operating system messages.
Typical security software is designed to detect the malicious software programs and remediate any malicious activities, such as network connectivity disruption or file deletions. The security software utilizes signatures for performing the malware detection. Such signatures are created using reputed side effects. In addition, because the development of these signatures requires a significant amount of time, the malicious software programs are able to disrupt many computers before detection and remediation. Moreover, signature development is not automatic and relies on numerous manual operations.
Therefore, there is a need in the art for a method and apparatus for performing a reputation based analysis on a malicious infection to secure a computer.